Get a Backstage Pass to LookingGlass’ Digital Business Risk Roadshow
When it comes to digital business risk, you don’t want a general admission perspective. Get a backstage pass for the LookingGlass Digital Business Risk Roadshow to learn the industry-latest on effective third party risk management, taking a proactive security approach, and get a cybercriminal mastermind's insights on manipulating your organization’s cyber strengths and weaknesses. Come see us in a city near you. The next stop is Houston, TX!
May 28, 2019.
By the CyberWire staff
KrebsOnSecurity broke the story late Friday that First American Financial left data pertaining to "hundreds of millions" of mortgages going back to 2003 exposed on the Internet. Insurance Journal says First American attributed the issue to a "design defect" in an application, and that it's working to fix the problem. It's unknown whether the exposed data have been exploited or misused, but they contain a great deal of sensitive personal information of great potential interest to criminals.
Parties unknown were scanning from TOR exit nodes over the weekend for signs of the BlueKeep vulnerability, ZDNet reports. BlueKeep (CVE-2019-0708) affects the Remote Desktop Protocol in older versions of Windows. 0Patch has a micro-patch for always-on servers and other systems to which Microsoft's patch may be difficult to apply.
According to the Frankfurter Allgemeine, at least three major German firms (Siemens, SAP, and Bosch) are reviewing their relationship with Huawei.
The RobbinHood ransomware that's afflicted Baltimore this month appears to have spread via the EternalBlue vulnerability. EternalBlue, distributed to the world by the ShadowBrokers in 2017, is widely believed to be a zero-day flaw discovered and held for exploitation by NSA, hence reporting in the New York Times and elsewhere that an NSA tool was used against Baltimore. But EternalBlue has been patched since 2017. It's also been used to distribute other malware, notably WannaCry. Perhaps Baltimore should have patched?
Spiegel reports a cryptowar escalation: Germany's Interior Minister Seehofer wants chat apps to deliver plaintext of encrypted communications to law enforcement on demand.
Today's issue includes events affecting Australia, Canada, China, Estonia, Ethiopia, European Union, Germany, Ireland, Japan, Democratic People's Republic of Korea, NATO/OTAN, Netherlands, Russia, United Kingdom, United States.
Bring your own context.
Do companies' leaders face a heightened risk of exposure to cyber threats? And if so, how should companies handle this?
"And so we believe that the answer to this - the long-term answer, the real solution - is to have companies provide cybersecurity for their executives and other high-value targets as a benefit and to pay for it but to have it provided - just like your health care - by a third party. And the same way your doctor doesn't call up the company to tell them you're sick, your cybersecurity provider for your personal life wouldn't have any technical connection back into the enterprise - would not provide logs or incident information back to the company and therefore preserve the privacy of the individuals that that company protects."
—Nate Lesser, CEO at Cypient Black, on the CyberWire Daily Podcast, 05.24.19.
And how far might such protection be extended to other company personnel?
Correction, 5.31.19: We've amended the first sentence of the second paragraph to reflect more accurately that the scans were conducted from TOR exit nodes.
Get the In-Depth Guide to Operationalizing Threat Intelligence.
Threat intelligence is critical but often difficult to manage, automate, or operationalize. Threat Intelligence Gateways are an exciting, emerging network security technology that take the heavy lifting out of making threat intelligence actionable, operational, and useful. Learn about how this technology is turning threat intelligence into action to block threats at scale in the whitepaper, Operationalizing Threat Intelligence: An In-Depth Guide to Threat Intelligence Gateways.
National Cyber Summit Job Fair, June 5, Huntsville.(Huntsville, Alabama, United States, June 5, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free National Cyber Summit Job Fair, June 5 in Huntsville. Meet face-to-face with 22 leading cyber employers. Visit our site for more details.
Cyber Howard Conference(Columbia, Maryland, United States, June 19, 2019) Join us for our 10th annual cyber conference in Howard County. We will tackle the topic of Cyber Sensemaking which is a fluid and continuous approach for establishing better defenses and best practices as a cyber community.
Cyber Warrior Women Summer Social: Sip and Paint(Columbia, Maryland, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.
American towns under cyberattack from an NSA-built software(PBS NewsHour) Over the last few weeks, the city of Baltimore essentially went offline after a cyberattack was followed by a ransom demand which the city refused to pay. According to the New York Times, ‘EternalBlue’, the software that wreaked havoc in Baltimore and other cities, was actually created by the National Security Agency. New York Times reporter Scott Shane joins Hari Sreenivasan for more.
NSA Involved in US Cyberattacks(KoDDoS Blog) The US city of Baltimore has been under attack for nearly three weeks by cyber extortionists. Thousands of computers have been frozen. Email, as well as online real estate, utility, social, and health services have been disrupted.
Report: Chinese Spies Stole NSA Hacking Tools(WLTZ) (CNN) – North Korea, Russia and now China. Security experts say state hackers from all three countries have used the same tool to carry out cyberattacks. A tool created by the U.S. government. It’s called Eternalblue and it was built by the National Security Agency. At first, it was a reliable tool used in countless intelligence-gathering and counterterrorism...
Researchers find inherent security flaws in FPGAs(eeNews Europe) Field Programmable Gate Arrays (FPGAs) are electronic components that can be used more flexibly than standard processors. They are also used in large data centers for cloud services. Until now, the use of such services has been considered relatively safe. But researchers at the Karlsruhe Institute of Technology (KIT) have now found potential entrance gates for cyber-criminals.
Fake Pelosi video sparks fears for campaigns(TheHill) A fake video of House Speaker Nancy Pelosi (D-Calif.) posted to Facebook on Thursday that was edited to make her appear drunk is underscoring a quickly evolving danger for 2020 campaigns.
Vulnerability Summary for the Week of May 20, 2019(US-CERT) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
BlueKeep RCE Flaw Gets Micropatch for Always-On Servers(BleepingComputer) The 0patch platform issued a fix for the Remote Desktop Services RCE vulnerability known as BlueKeep, in the form of a 22-instruction micropatch which can be used to protect always-on servers against exploitation attempts.
Carbon Black: Examining The Growth Story(Seeking Alpha) Hyper-growth stories need to be backed by numbers. A congested cybersecurity space is putting a drag on Carbon Black's momentum. What is a good price?
Big Four dominate cyber security job space(Accountancy Daily) KPMG and PwC are the UK's biggest recruiters of cyber security experts, with EY and Deloitte close behind, making the Big Four the country’s top four cyber employers
The National Guard's cyber escape room(GCN) The Massachusetts Army National Guard is building a cyber and network security themed escape room it can take to schools to get students interested in cybersecurity.
Legislation, Policy, and Regulation
German Minister Wants Secure Messengers To Decrypt Chats(BleepingComputer) Germany's Interior Minister Horst Seehofer purportedly wants to force messaging providers such as WhatsApp, Telegram, and Threema to provide plain text chats to law enforcement agencies on a court order as reported by Der Spiegel and from a number of other German news outlets.
Germany demands an end to working cryptography(Boing Boing) Germany's Interior Minister Horst Seehofer -- a hardliner who has called for cameras at every "hot spot" in Germany -- has announced that he will seek a ban on working cryptography in Germany; he will insist that companies only supply insecure tools that have a backdoor that will allow the German state to decrypt messages and chats on demand.
History Gives No Clues To Trump-Huawei Endgame(Law360) President Donald Trump’s recent blacklisting of Huawei marked the second time in just over three years that the U.S. moved to block a Chinese telecom giant from the domestic supply chain. But unlike before, the path to a resolution of this high-stakes trade dispute is not immediately clear.
Former NSA Officer Talks Dangers Of Information Ops(Cyber Security Hub) Former National Security Agency (NSA) Tailored Access Operations (TAO) Officer, and the Chief of Outreach at the Army Cyber Institute at West Point, Dr. Michael Klipstein appeared on Episode #85 of Task Force 7 Radio this week, with host George Rettas, president and CEO of Task Force 7 Radio and Task Force 7 Technologies.
Our take: Interpreting recent signals from US regulatory agencies(Circle | The new shape of money) We want to highlight how recent signals from U.S. regulators are creating an uncertain environment for crypto assets, prompting us to take actions that we—and our customers and community—find deeply frustrating. The heart of our argument for a clear, forward-looking regulatory framework for crypto has long been
Significant GDPR enforcement action imminent(Cooley) The EU General Data Protection Regulation (the “GDPR”) has been in force for just under a year now. Prior to its coming into effect, a key topic of concern for many companies was the ability of Sup…
Potential clash over secrets looms between Justice Department and CIA(SFGate) President Trump's order allowing Attorney General William Barr to declassify any intelligence that sparked the opening of the Russia investigation sets up a potential confrontation with the CIA, effectively stripping the agency of its most critical power: choosing which secrets it shares and which ones remain hidden.
Opinion | Where’s the spotlight on ‘Spygate’?(Washington Post) Impeachment is a doomed undertaking, and House Speaker Nancy Pelosi knows that focusing on it would also bring a focus on possible abuses of power by a handful of FBI officials.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Banking Cyber Security Forum London(London, England, United Kingdom, June 18, 2019) The Banking Cyber Security Forum is an exclusive, top flight event exclusively for senior banking executives, set to address each of these challenges and opportunities and encourages peer-to-peer conversation...
Cybertech Midwest 2019(Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
SecureWorld Atlanta(Atlanta, Georgia, USA, May 29 - 30, 2019) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry...
Louisville Cybersecurity Conference(Louisville, Kentucky, USA, May 30, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
National Cyber Summit(Huntsville, Alabama, USA, June 4 - 6, 2019) National Cyber Summit is the nation’s most innovative cyber security-technology event, offering unique educational, collaborative and workforce development opportunities for industry visionaries and rising...
Infosecurity Europe(London, England, USA, June 4 - 6, 2019) Europe’s Leading Event for Information and Cyber Security Bringing business, tech and cyber communities together to discuss and discover how best to protect companies and individuals. Join in to find ‘everyone...